[fi-rg] Telecon monday 16:00 CET / 10:00 EDT

Gian Luca Volpato volpato at rrzn.uni-hannover.de
Mon Jul 24 06:00:18 CDT 2006


Hello Everybody,

for the discussion about the final version of our first document I  
would like to share with you a list of items I would like to go  
through during the phone conference.

- chapter 4:
for the classification of the Grid applications I proposed some time  
ago to use 3 different categories:
1 - Middlewares and protocols (Unicore, Globus, web services)
2 - Data storage and data transfer (GridFTP, dCache, GPFS)
3 - System deployment (Net of trust / Bastion hosts, High-bandwidth  
long-distance networks, TENT, AccessGrid)
I understood we agreed on this new classification model, but the last  
version of the document (v1.9) uses the old 2 categories.

- chapter 4:
what makes AccessGrid an interesting use case for us?
I fully agree that multicast streams and firewall is an interesting  
topic, but is it a Grid-related issue? I mean, does the problem arise  
because of the use of Grid-specific software?
From the text I can't really understand the interaction between
AccessGrid and Grid.

- chapter 5:
the problem of opening a large number of ephemeral ports in the  
firewall is misleading. When such ports are allowed only for a small  
set of specific hosts (those running Grid middleware or Grid  
applications) in the internal network, is it really so bad? Of course
there is a risk in opening so many ports, but the risk is anyway  
limited to the hosts running Grid software.

- chapter 5:
the discussion about DMZ is not clear. Is it good or bad practice to  
place Grid applications in the DMZ? Why?
When must an application pass through more than 2 DMZs?

- chapter 6:
in the summary we introduce some concepts never mentioned before in  
the document. I refer in particular to:
- firewalls inspecting streams instead of single packets,
- firewalls allowing connections because other entities already  
checked the authorization,
- definition of standardized authorization mechanisms to be  
implemented by firewall vendors.
I think that what we write in the summary should also be presented  
with more details in some previous chapter. What do you think?


Looking forward to talking to you.
Regards
/Gian Luca










